CVE-2021-3538 #578

womblep · 2025-01-07T01:35:07Z

Docker image on Docker Hub has a critical security defect CVE-2021-3538
There is a fixed Go UUID module, it probably just needs a refresh

github-actions · 2025-01-07T01:35:19Z

Your report is appreciated. Please star this repository to motivate its developers! ⭐

adubovikov · 2025-01-07T11:55:54Z

Thank you! Fixed!

womblep · 2025-01-07T22:29:23Z

@adubovikov thank you so much!
Can you please push a new container version to docker hub?

adubovikov · 2025-01-07T22:30:58Z

@lmangani can you please push ?

adubovikov · 2025-01-08T09:54:55Z

@womblep it was pushed automaticaly! Please check

womblep · 2025-01-10T04:20:22Z

@adubovikov no, still seems to be the old version

lmangani · 2025-01-10T08:53:05Z

@womblep our latest images are hosted on ghcr and that's what should be used
https://github.com/orgs/sipcapture/packages

What instructions are you following?

womblep · 2025-01-10T22:02:58Z

@lmangani I went here https://github.com/sipcapture/homer/wiki/Quick-Install#-docker-install and used the docker compose here https://github.com/sipcapture/homer7-docker/blob/7.7/heplify-server/hom7-prom-all/docker-compose.yml . All the images are pulled from Docker Hub, I didn't realise the newest ones were on ghcr.io
It might be worth changing that docker compose and noting that in the documentation.

lmangani · 2025-01-11T10:48:12Z

That's indeed on us - we need to update all guides/docs, assigned to the team

adubovikov closed this as completed Jan 7, 2025

Provide feedback